Make use of become
in role
parent
6e9d07b6f6
commit
f9c51842fd
|
@ -5,6 +5,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "755"
|
mode: "755"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Ensure sub-directory for the certificate exists
|
- name: Ensure sub-directory for the certificate exists
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -13,6 +14,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "755"
|
mode: "755"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Ensure private key is generated
|
- name: Ensure private key is generated
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
|
@ -22,6 +24,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Ensure certificate signing request is created
|
- name: Ensure certificate signing request is created
|
||||||
community.crypto.openssl_csr:
|
community.crypto.openssl_csr:
|
||||||
|
@ -31,6 +34,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
register: cert__csr_result
|
register: cert__csr_result
|
||||||
|
|
||||||
- name: Check certificate status and create ACME challenge if needed
|
- name: Check certificate status and create ACME challenge if needed
|
||||||
|
@ -45,6 +49,7 @@
|
||||||
csr: "/etc/ansible_certs/{{ item }}/csr.pem"
|
csr: "/etc/ansible_certs/{{ item }}/csr.pem"
|
||||||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
|
become: true
|
||||||
register: cert__acme_challenge
|
register: cert__acme_challenge
|
||||||
|
|
||||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||||
|
@ -74,6 +79,7 @@
|
||||||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
data: "{{ cert__acme_challenge }}"
|
data: "{{ cert__acme_challenge }}"
|
||||||
|
become: true
|
||||||
notify: "{{ cert__handlers }}"
|
notify: "{{ cert__handlers }}"
|
||||||
always:
|
always:
|
||||||
- name: Ensure DNS record is removed
|
- name: Ensure DNS record is removed
|
||||||
|
@ -93,6 +99,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Ensure correct permissions for fullchain cert are set
|
- name: Ensure correct permissions for fullchain cert are set
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -100,15 +107,18 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Get content of cert.pem
|
- name: Get content of cert.pem
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
|
become: true
|
||||||
register: cert__cert_slurp
|
register: cert__cert_slurp
|
||||||
|
|
||||||
- name: Get content of fullchain.pem
|
- name: Get content of fullchain.pem
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
|
become: true
|
||||||
register: cert__fullchain_slurp
|
register: cert__fullchain_slurp
|
||||||
|
|
||||||
- name: Ensure ca.pem is created
|
- name: Ensure ca.pem is created
|
||||||
|
@ -118,3 +128,4 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
become: true
|
||||||
|
|
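Review bot: With `become: true` on every task, the file-writing tasks from the `@ -22,6 +24,7 @@` hunk onward run as root inside a sub-directory that the second hunk leaves owned by `{{ cert__owner }}` with mode "755", so whenever `cert__owner` is not root, root creates and re-permissions files in a location an unprivileged account can write to. Several task paths sit outside the hunks, so this is inferred from the visible `/etc/ansible_certs/{{ item }}/` paths and should be checked against the full task file. Consider keeping the sub-directory root-owned like its parent (`owner: root`) and granting `cert__owner`/`cert__group` access only on the individual files, or at least adding a comment above that task such as `# cert__owner must be a trusted account: later tasks write here as root`. The two `slurp` reads and the ACME tasks plausibly need the escalation to reach the 0600/0660 files, but the role's documentation should state that it now requires privilege escalation on the target.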